Feature #9754
closed
Add separate authentication log
Added by Jim Pingle about 5 years ago.
Updated almost 5 years ago.
Description
Would be nice to have a log dedicated to authentication events (ssh, gui, VPNs, etc).
Most things will be caught by auth.*;authpriv.* but there may be some stragglers.
Notably, IPsec authentication doesn't appear to have a way to get just the user auth messages. They are a part of the "ike" subsystem and do not show up until the log level is increased to where it's far too chatty to include here.
The radius package should probably also send its logs there.
- Status changed from New to Feedback
- % Done changed from 0 to 100
- Category changed from Logging to Captive Portal
- Status changed from Feedback to In Progress
- Assignee deleted (
Jim Pingle)
- Target version deleted (
2.5.0)
- % Done changed from 100 to 90
Still need to poke at IPsec a bit to see if there is another way to get just the auth messages out of it. Might not be possible.
- Category changed from Captive Portal to Logging
- Assignee set to Jim Pingle
- Target version set to 2.5.0
- Status changed from In Progress to Feedback
- % Done changed from 90 to 100
I'm still not seeing a viable way to get the IPsec logs out when strongSwan handles the authentication internally (e.g. EAP), might revisit in the future.
Otherwise this is working for the base system so far.
Jim Pingle wrote:
I'm still not seeing a viable way to get the IPsec logs out when strongSwan handles the authentication internally (e.g. EAP), might revisit in the future.
Otherwise this is working for the base system so far.
tested on 2.5.0.a.20191210.1722
PPPoE, L2TP, WebGUI and console/ssh is ok
What about OpenVPN server auth log?
- Status changed from Feedback to Resolved
OpenVPN authentication is already placed in the auth log.
Dec 11 08:25:04 openvpn 895 user 'jimp' authenticated
Also available in: Atom
PDF
Updated by 
Updated by Viktor Gurov